Have you been following the blog postings by Russian security firm, Intevydis? Frustrated with the unresponsiveness of vendors, Intevydis has pledged to reveal details of undisclosed flaws in enterprise applications that include databases.
One of those Oracle bugs revealed was the Oracle Internet Directory oidldapd heap corruption; Bug has been found in 10.1.2.0.2 version. But as the blog states this bug might be fixed now.